[clamav-users] ClamAV 1.0.1

Paul Netpresto paul at netpresto.co.uk
Wed May 24 17:51:43 UTC 2023 

Hi

I have found that 1.0.1 and 0.103.8 both behave badly if they find a 
malformed db. Agreed freshclam checks out the clamav/cisco db's.

I have yet to determine what unofficial db caused the failure. They 
should all have been verified before being placed in /var/lib/clamav/

Clamd ends up only partially running accepting connections creating a 
/tmp/clamav.... file then giving up on the scan part of the job.

Eventually clamd has 1024 open /tmp/clamav... files and further 
connections generate massive logs very quickly (like 3.5G in an hour )

It would be better if it exited when it cannot continue.

Regards Paul

On 24/05/2023 07:17, Steve Basford via clamav-users wrote:
> On 23 May 2023 21:59:22 Paul Netpresto <paul at netpresto.co.uk> wrote:
>
>> Hello
>>
>> What should the behaviour of a running clamd be when it comes across a
>> malformed database during a signature-reload.
>>
>> Clamd.conf has setting "ConcurrentDatabaseReload no"
>>
>> Regards Paul
>
>
> Hi Paul,
>
> Is there is a malformed database freshclam will ignore it and 
> shouldn't update.
>
> If it's a manually updated database, clamd will report the error in logs.
>
> That options means....
>
> *concurrentDatabaseReload BOOL* 
> <https://manpages.debian.org/unstable/clamav-daemon/clamd.conf.5.en.html#ConcurrentDatabaseReload>
>     Enable non-blocking (multi-threaded/concurrent) database reloads.
>     This feature will temporarily load a second scanning engine while
>     scanning continues using the first engine. Once loaded, the new
>     engine takes over. The old engine is removed as soon as all scans
>     using the old engine have completed. This feature requires more
>     RAM, so this option is provided in case users are willing to block
>     scans during reload in exchange for lower RAM requirements.
>     Default: yes
>
>     Cheers, 
>
>     Steve
>     Sanesecurity.com <http://Sanesecurity.com>
>     3rdparty ClamAV signatures
>
>>
>> _______________________________________________
>>
>> Manage your clamav-users mailing list subscription / unsubscribe:
>> https://lists.clamav.net/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/Cisco-Talos/clamav-documentation
>>
>> https://docs.clamav.net/#mailing-lists-and-chat
>
>
> Cheers,
>
> Steve
> Twitter: @sanesecurity
>
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20230524/eaf9f767/attachment.htm>

More information about the clamav-users mailing list